Frequently asked questions about SOC reports

Frequently asked questions about SOC reports

Terms & Conditions

活动对象:华为云电销客户及渠道伙伴客户可参与消费满送活动,其他客户参与前请咨询客户经理

活动时间: 2020年8月12日-2020年9月11日

活动期间,华为云用户通过活动页面购买云服务,或使用上云礼包优惠券在华为云官网新购云服务,累计新购实付付费金额达到一定额度,可兑换相应的实物礼品。活动优惠券可在本活动页面中“上云礼包”等方式获取,在华为云官网直接购买(未使用年中云钜惠活动优惠券)或参与其他活动的订单付费金额不计入统计范围内;

  • What is an SOC report?

    An SOC report is an independent audit issued by a third-party audit institution based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA) for the systems and internal controls of outsourced service providers.


    SOC reports are classified as SOC 1 (including Type I and Type II), SOC 2 (including Type I and Type II), or SOC 3.


    • An SOC 1 report is intended to examine the controls related to financial reporting processes and is usually used by cloud customers and their independent auditors. SOC Type II reports provide more opinions on operational effectiveness than Type I reports to achieve related control objectives.


    • An SOC 2 report focuses on the internal operations and compliance of an organization, including controls related to security, availability, process integrity, confidentiality, and privacy. An SOC Type I report demonstrates the design rationality of internal controls within the organization, and SOC Type II reports reflects the effectiveness of the implementation of the measures during the reporting period.


    • An SOC 3 report is a summary version based on the SOC 2 Type II report and is available to the public.



    Huawei Cloud has earned SOC 1 Type II, SOC 2 Type II, and SOC 3 certification. Huawei Cloud is the first cloud service provider in the world to meet the SOC 2 requirements for controls related to security, availability, process integrity, confidentiality, and privacy. This certifies that information security controls adopted by Huawei Cloud meet strictest requirements of the internationally recognized standards and also certifies our abilities to provide you with world-class security and privacy protection.


    Huawei Cloud periodically invites third-party organizations to review its information security management systems to ensure that the ever-evolving Huawei Cloud environment and services are always protected by industry-leading information security management capabilities.

  • Which data centers are covered by the Huawei Cloud SOC reports?

    The SOC reports for Huawei Cloud cover 30+ data centers in Chinese Mainland, Hong Kong (China), Thailand, Mexico, Singapore, South Africa, Chile, and Brazil. You can download the Huawei Cloud SOC audit reports from Compliance Certificates.

  • Which Huawei Cloud services are covered by SOC reports?

    The SOC reports certification covers over 150 Huawei Cloud services including, but not limited to, Advanced Anti-DDoS (AAD), Web Application Firewall (WAF), Data Encryption Workshop (DEW), and Database Security Service (DBSS). You can download Huawei Cloud's SOC reports from Compliance Certificates.


    If you would like to learn more about our products, please contact us.


  • How long is an SOC report valid?

    SOC reports are issued based on independent audits and demonstrate the rationality and effectiveness of internal controls of an organization. SOC reports are valid once issued. Huawei Cloud invites third-party auditors to perform SOC audits twice a year. You can request SOC reports to learn how well Huawei Cloud controls meet audit requirements.